8c9a8edf410685ae685f781d1ed8fe3715ad5f7dce8afa997d58e0bfd2e1f889 | Triage

Sharing

General

Target

8c9a8edf410685ae685f781d1ed8fe3715ad5f7dce8afa997d58e0bfd2e1f889
Size

2.9MB
MD5

3f6688666e457211731e286bb58cf87f
SHA1

8eafd773877399f117b3250b1c789ac9892761f1
SHA256

8c9a8edf410685ae685f781d1ed8fe3715ad5f7dce8afa997d58e0bfd2e1f889
SHA512

c4970016d031fd6ee1ec3a512219be541a271cfa6a76fb77e213ad22a117cbdefc625826997d4f9ab93963ab308b181fb13776e7f19d35e2d552d8bd222aa500

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone

Files

8c9a8edf410685ae685f781d1ed8fe3715ad5f7dce8afa997d58e0bfd2e1f889
.dll windows x86

f7ae106080af6e0dcf1cef6866e56666

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
GetModuleHandleW
LoadLibraryA
GetProcAddress

user32

GetOpenClipboardWindow
GetLastActivePopup
LoadIconA

gdi32

PathToRegion
StrokePath
GetStockObject

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ